Get our free email newsletter

Analyzing Risk Before and After Sale

Originally developed in the 1950s in connection with the U.S. missile program, risk assessment and related engineering evaluations have, since that time, been a part of the design and manufacturing process. But, for many manufacturers, it was an informal process with little documentation.

More recently, however, pre-sale risk assessment has become a topic of discussion in legal and manufacturing circles. Industries and standards groups in the United States and Europe have turned their attention to risk assessment and developed specific methodologies for their industries or specific products.

In addition, risk assessment is now being used by manufacturers and government entities to assist in making decisions about post-sale responsibilities, including whether a product should be reported to a government agency and recalled.

- Partner Content -

EMC & eMobility

For a company embarking on EMC testing for either component or vehicle-level testing of their EV products, it is necessary first to have a good understanding of the EMC regulatory situation.

This article will discuss risk assessment techniques before and after sale and some of the legal and practical implications arising from their use.


Why the Increased Interest in Risk Assessment?

Although risk assessment methods have existed in various forms for many years, interest has increased over the last 15 years for several reasons including:

  • Costs—Significant opportunities exist for productivity gains and cost efficiencies.
  • International influences—The CE mark is an identifying symbol and certification that a product meets the applicable European standards and is in fact safe and is required for most products sold in the European Union (EU). The first step in obtaining the CE mark is to complete a risk assessment. The assessment must be documented. In most instances, the mark is a self-certification provided by the product manufacturer. In addition, product specific directives, such as the Radio Equipment Directive, have recently incorporated risk assessment into the conformity assessment phase of product development.
  • Capturing knowledge—A completed risk assessment can be used to capture much of the knowledge pertinent to the design being considered, which can in turn be applied to similar designs.
  • Product liability—Risk assessments help reduce exposure to hazards and can assist in building a successful defense against a product liability claim.
  • Lack of standards—When standards do not exist or have not kept pace with technological change, risk assessments provide a basis for making credible design decisions.
  • Customer requirements—Some customers are requesting that their manufacturers/suppliers conduct risk assessments.


- From Our Sponsors -

Use of Risk Assessment in Determining Pre-Sale Responsibilities

What is Risk Assessment?

Risk assessment is a tool for manufacturers to identify possible hazards and provide a basis for considering alternative designs to mitigate or control risks. A risk assessment offers the opportunity to identify hazards associated with intended uses and reasonably foreseeable misuses, and to take steps to eliminate or control them before an injury occurs. This process can be a key factor in successfully reducing risks to an acceptable level.

While it is difficult to imagine a manufacturer not using some kind of risk assessment when designing and manufacturing products, its use has some limits. Risk assessment techniques only provide a framework for an analysis of risk. The manufacturer must still decide what risk is acceptable before making a decision on the product’s final design, warnings, and instructions. This decision is based on factors that are not grounded in the law or even safety. Corporate culture, risk tolerability, and the marketplace sometimes drive the decision.

Risk assessment techniques are well-developed and documented. However, they can be difficult, time-consuming and costly to utilize. Therefore, while it has been mandated for use in things like missiles and weapons systems, its use in analyzing safety when developing a typical product has not been as common.

Although many different approaches can be taken in performing a risk assessment, certain steps are common. Here is a brief summary of the risk assessment process, step by step.

1. The first step in the risk assessment process is to establish the parameters of the analysis. These parameters can be limits of the product or design, limits on uses, limits on the scope of the analysis, or other limits.

2. The next step is to identify hazards associated with the product or process design. This step is absolutely critical to the assessment. Different methods are used to eliminate or minimize hazards, and the different industry approaches to risk assessment reflect these differences.

3. Once hazards have been identified, the risk assessment effort begins. Several different risk models are used. Some methods use two risk factors (severity of injury and probability of occurrence). Other methods use three or more factors by breaking probability into components (e.g., frequency of exposure and avoidance).

4. After the risk factors are assessed, a risk rating is derived from a risk matrix. The risk matrix is the combination of risk factors mapped to various risk levels. Different industries use different risk matrices.

The risk assessment process yields a level of risk. If the risk is determined not to be acceptable, it is necessary to reduce that risk by implementing protective measures. Determining which risks or levels are and are not acceptable is company-specific and situation-specific.

In some instances, individual industries have provided guidance on levels of acceptable risk. In other instances, original equipment manufacturers or retailers have dictated acceptable levels of risk. In many instances, this decision is left to the manufacturer, as it depends greatly on company culture and tolerability to risk.

Unfortunately, the common law and, in most situations, regulatory law from federal government agencies, are not helpful in determining how safe is safe enough. And, no matter what decision is made, no matter where the line is drawn, the plaintiff will argue that the product should have been made safer.

5. Risk reduction activities begin after the risk rating is derived. Product modifications are taken to reduce risks following the hazard hierarchy commonly accepted across several industries and risk experts. The preferred hierarchical order of actions is to: 1) eliminate hazards through the design; 2) protect or guard against the hazard; 3) warn the user about the hazard; 4) train the user to avoid the hazard, or; 5) require the use of personal protective equipment.

6. After the risk reduction methods have been identified and implemented, most risk assessment protocols call for a second assessment of the risk factors. This second assessment helps to verify that the risks have been reduced to an acceptable level.

7. After risks have been reduced to an acceptable level, the risk assessment activities should be documented. The documentation can be added to a technical file for future use.


Documenting Pre-Sale Risk Assessment

Anyone knowledgeable about product liability understands the dangers of evaluating risk with the exactitude of some of these risk assessment processes. No matter what action the manufacturer takes, the plaintiff will argue that more could have been done and should have been done. Or, the plaintiff will argue that the manufacturer intentionally quantified the level of risk so low or degree of difficulty in reducing the risk so high that it would not be appropriate to design out the hazard.

Documentation of the risk assessment can be a roadmap for the plaintiff and the plaintiff’s expert to challenge each and every calculation and assumption made in the design process. Visions of creating a smoking gun can scare risk assessment participants and their counsel into not doing enough to analyze risk and document it.

This problem cannot be dealt with easily. The reality is that risk assessment standards, requirements and guidelines exist. If they apply to a particular product, the manufacturer must decide whether to perform the assessment. If it is performed, it must be documented. It is possible that the manufacturer’s customer requires that a report be provided. This is particularly true for component part manufacturers selling to original equipment manufacturers who perform their own risk assessments.

Under any type of risk assessment, the manufacturer will need to list the hazard, the probability and severity of harm, and the methods by which the risk can be minimized and ultimately was minimized. The document will naturally show the residual risk in the final product as designed as well as the attempts to further minimize that risk by way of warnings and instructions.

Of course, this document, as with all company documents, should be subject to the company’s record retention program, and it may not be necessary to keep it forever. But that doesn’t really give the company much guidance. In many instances, keeping the risk assessment is essential in showing a plaintiff and a jury that the manufacturer tried to design and sell a reasonably safe product. So, evidence that a risk assessment was done may be very helpful.

On the other hand, the details of the initial analysis or even the residual risk in the product after it is finally produced may, as stated above, allow the plaintiff’s expert to criticize the analysis or final decisions of the manufacturer. Manufacturers should strive to create and retain documents showing that a risk assessment was done and to show that the remaining risks in the product were reasonable and that it would be very difficult and costly to make the product any safer.

There are also benefits to keeping documentation of the risks that were not considered because they were nonexistent or too low, or were designed out or minimized. This shows that you considered other hazards and made your best estimate as to whether they were foreseeable and of enough significance to evaluate. Unfortunately, these documents can also be used to criticize the manufacturer’s decisions during this process.


Use of Risk Assessment in Determining Post-Sale Responsibilities

One of the most important issues facing any manufacturer is how to determine whether they have a post-sale duty under the common law and a responsibility to report to a government agency in the U.S. and elsewhere and whether they have to undertake a post-sale corrective action such as issuing a safety bulletin or undertaking a recall or retrofit. A failure in either of these areas can result in big fines imposed by the government and possible compensatory and punitive damages in product liability litigation for failure to fix a known safety problem.


U.S. Common Law Legal Requirements

Most states have adopted a post-sale duty to warn duty that is governed by negligence. Levels of risk (hazard, probability and severity) are weighed against the difficulty of providing this post-sale warning to consumers. This is the same analysis that is done before the product is sold.

Therefore, risk assessment, which should be done before sale, is also appropriate to perform after sale when deciding whether there is a common law post-sale duty to warn.

However, just like pre-sale risk assessment, there is no clear threshold for recalling or warning or doing any corrective action with products in customer’s hands. Customer goodwill, risk tolerability, insurance issues and safety are some of the factors that need to be analyzed before a rational decision is made. After deciding, it is important to document the basis for the decision so that the manufacturer can prove that it thought about its legal and practical obligations and made a decision based on the itemized factors.

U.S. and Foreign Regulatory Law

U.S. and foreign regulatory laws and regulations also encourage risk assessment after sale. The U.S. Consumer Product Safety Commission (CPSC) is governed by the Consumer Product Safety Act. Section 15(b) of the Act requires, in part, that a manufacturer report to the CPSC if the product has a defect which creates the possibility of a substantial product hazard.

The CPSC says in the CPSC Recall Handbook:

“Generally, a product could create a substantial hazard when consumers are exposed to a significant number of units or if the possible injury is serious or is likely to occur.”

Then the regulations provide the following factors a manufacturer must consider in determining if there is a substantial product hazard: pattern of defect, number of defective products in commerce, severity of risk and likelihood of injury.

Once a report is made, there is very little guidance from the CPSC as to whether a post-sale corrective action is necessary and, if one is done, what are the elements of an adequate program. The CPSC staff classifies the hazards as A, B or C. This is based on an evaluation of the probability of future harm and the severity of that harm, the same factors used in pre-sale risk assessment.

In the EU, risk assessment has been part of their regulatory scheme for certain products since at least 1996. Today, post-sale risk assessment continues to be required under various directives. There are general risk assessment methodologies which are used by the authorities to determine if a recall is necessary. One is called the “EU general risk assessment methodology” which is to be used exclusively post-sale and is currently being finalized before being implemented.

Documenting Post-Sale Risk Assessment

It is even more important to document risk assessment when done post-sale because the manufacturer may have to justify its decision not to report to a government agency or justify why it undertook a certain corrective action and why it was adequate for the future risk.

And in a U.S. product liability case, the plaintiff’s attorney can discover all risk assessment documents no matter where they were performed. They will be looking for admissions by the manufacturer that certain risks exist that were not reduced or to show that a foreign product is safer than the version sold in the U.S.

In addition, as with pre-sale risk assessment documents, the post-sale analysis can be used against the manufacturer to argue that they ignored and miscalculated future risk or undertook an inadequate corrective action.

Despite all of these potential problems, documenting the rationale of post-sale decisions is imperative to justify your actions to a government agency and possibly defend against allegations of a willful disregard of public safety in a product liability case.

Consequences of Using Risk Assessment

The plaintiff can still argue that products are defective even if the manufacturer performed a risk assessment. However, risk assessment can impact the nature of the argument considerably. Without evidence that a risk assessment was performed, the plaintiff can attack both the decision process (or lack of a process) and the decisions. With a documented risk assessment, the argument primarily involves issues of judgment about the decisions made.

In the event of litigation, a risk assessment may be useful to frame the discussion before the court. Rather than isolating one hazard that the plaintiff encountered, the defense can use the risk assessment as evidence of the many hazards evaluated, how the risks interact (reducing risk of one hazard may increase risk of another), and demonstrate that adequate and appropriate risk reduction efforts were implemented for all of the risks.

In some cases, part of the legal argument involves whether the plaintiff’s use of the product was reasonably foreseeable. After an incident, a manufacturer may have a difficult time showing that any particular use or misuse was not foreseeable. However, a completed risk assessment could help, as this analysis which is completed before an incident should identify and address those uses and misuses that are reasonably foreseeable based on the information available.

If the plaintiff’s use or misuse does not appear on the risk assessment, one could argue that the action was not reasonably foreseeable. If it does appear on the assessment, the arguments should focus on whether the risk reduction measures implemented reduced the risk to an acceptable level.

While some companies have been conducting and documenting risk assessments for as long as 15 years, a great many manufacturers are just beginning to learn of the process. Experienced attorneys can assist by making its introduction and integration a smooth process. Counsel should also help evaluate the risk of doing such analyses and educate employees on how to make certain judgments and properly document the process.

A company needs to consider all risk assessment methodologies required in all countries where the product is being sold as the product is being designed. Using similar risk assessment analysis for products sold throughout the world will negate any argument that the manufacturer is discriminating against consumers in any particular country because of product liability risk or risk of governmental fines. There is a benefit in a consistent approach to post-sale risk in every location where the risk exists.

Defense counsel may raise concerns to the manufacturer that risk assessments have not been thoroughly tested, that there are problems with documentation requirements, and that, if not conducted correctly, the risk assessment could be very damaging. These concerns are not unfounded. However, like it or not, requirements for documented risk assessments are here. Failing to conduct and document a risk assessment might be a bigger problem than doing one.



The best advice is to carefully perform the appropriate assessment and be prepared to stand behind the process and conclusions. While a plaintiff and his or her expert may disagree with your analysis, you can argue that you employed state-of-the-art safety analyses to produce a reasonably safe product and analyze post-sale risks and made your best judgment, before and after sale, about the appropriate course of conduct.

Risk assessment is a well-developed process that conforms to best practices in the engineering world as well as the analysis that the common law and government agencies want manufacturers to engage in before and after they sell their product.


author_ross-kennethKenneth Ross is a Senior Contributor to In Compliance Magazine, and a former partner and now Of Counsel to Bowman and Brooke LLP. Ross provides legal and practical advice to manufacturers and other product sellers in all areas of product safety, regulatory compliance and product liability prevention, including risk assessment, document management, safety management, recalls and dealing with the CPSC. He can be reached at 952-210-2212 or Other articles by Ross can be accessed at

Related Articles

Digital Sponsors

Become a Sponsor

Discover new products, review technical whitepapers, read the latest compliance news, trending engineering news, and weekly recall alerts.

Get our email updates

What's New

- From Our Sponsors -

Sign up for the In Compliance Email Newsletter

Discover new products, review technical whitepapers, read the latest compliance news, trending engineering news, and weekly recall alerts.